Biz & IT —

Think your Skype messages get end-to-end encryption? Think again

Ars catches Microsoft accessing links we sent in our test messages.

If you think the private messages you send over Skype are protected by end-to-end encryption, think again. The Microsoft-owned service regularly scans message contents for signs of fraud, and company managers may log the results indefinitely, Ars has confirmed. And this can only happen if Microsoft can convert the messages into human-readable form at will.

With the help of independent privacy and security researcher Ashkan Soltani, Ars used Skype to send four Web links that were created solely for purposes of this article. Two of them were never clicked on, but the other two—one beginning in HTTP link and the other HTTPS—were accessed by a machine at 65.52.100.214, an IP address belonging to Microsoft. For those interested in the technical details, the log line looked like this:

The results—which were similar but not identical to those reported last week by The H Security—prove conclusively that Microsoft not only has ability to peer at the plaintext sent from one Skype user to another, but that the company regularly flexes that monitoring muscle.

In one sense, this shouldn't come as news. Skype's privacy policy clearly states that it may (emphasis added) use automated scanning within Instant Messages and SMS to identify spam and links to sites engaged in phishing and other forms of fraud. And as Ars reported last year, since Skype was acquired by Microsoft, the network running the service has been drastically overhauled from its design of the preceding decade. Gone are the peer-to-peer "supernodes" made up of users with sufficient amounts of bandwidth and processing power; in their place are some 10,000 Linux machines hosted by Microsoft. In short, the decentralization that had been one of Skype's hallmarks was replaced with a much more centralized network. It stands to reason that messages traveling over centralized networks may be easier to monitor.

Perception, meet reality

Still, there's a widely held belief—even among security professionals, journalists, and human rights activists—that Skype somehow offers end-to-end encryption, meaning communications are encrypted by one user, transmitted over the wire, and then decrypted only when they reach the other party and are fully under that party's control. This is clearly not the case if Microsoft has the ability to read URLs transmitted back and forth.

"The problem right now is that there's a mismatch between the privacy people expect and what Microsoft is actually delivering," Matt Green, a professor specializing in encryption at Johns Hopkins University, told Ars. "Even if Microsoft is only scanning links for 'good' purposes, say detecting malicious URLs, this indicates that they can intercept some of your text messages. And that means they could potentially intercept a lot more of them."

Specifics of the Microsoft scanning remain unclear; one possibility is that the scanning and spam-checking happen on Microsoft servers as communications pass through supernodes. Another possibility is that the Skype client on each end-user machine uses "regular expression" programming techniques built into the software and sends only the links to Microsoft servers.

"Either way, the finding does confirm that somewhere along the stream, Microsoft/Skype has the ability to intercept/extract content from your communications though we can't conclusively say where," Soltani wrote in an e-mail to Ars. "For example, even if the scanning was happening client side, it's plausible that MS could be compelled to push a ruleset to the Skype client that just logs/transmits all our activity (similar to what CarrierIQ was doing on the HTC phones)."

Helping to feed this confusion about exactly what measures are taken to protect Skype messages is Microsoft's management, which remains vague about the precise type of encryption its service uses. Asked for comment on this story, a spokeswoman offered a statement that was identical to a single sentence in the privacy policy. The statement didn't address my other question that's equally important: does Microsoft record the links and other content sent over Skype? Eventually I found the answer, and unfortunately it gives Microsoft all the wiggle room it needs. It states: "Skype will retain your information for as long as is necessary to: (1) fulfill any of the Purposes (as defined in article 2 of this Privacy Policy) or (2) comply with applicable legislation, regulatory requests and relevant orders from competent courts."

To be fair, Microsoft's scanning of Skype messages isn't too different from techniques Facebookreportedly employs, and what any number of other online services do, too. As Green notes, these companies have a duty to make sure their services aren't abused to circulate malware.

What's different in the case of Skype is the misunderstanding among many users that links and other content sent over the service are private. This misunderstanding is all the more unfortunate given the possibility that this information plucked out of private messages could be logged and retained for as long as some nameless, faceless Microsoft manager deems appropriate. Add to that the fact that a server bearing a Microsoft IP address very well may click on any link you send over Skype and it may not be such a good option for dissidents trying to lay low.

So the next time you use Skype, enjoy the clarity of the voice communications, its generally slick user interface, and its many other benefits. Just don't think the service can't peer into your messages and store indefinitely what Microsoft managers want. It can, and until officials specifically disclose their practices, users should assume it does.

Promoted Comments

The difference is that Skype is secure against a malicious hacker down the street. It is *not* secure against Microsoft and the Feds. For some people that's good enough. For others they'll probably have to look elsewhere. I think this is an issue that needs to be made public so people can vote with their feet.

That's misleading. Either something is secure or it's not, and Skype is not. Even if you trust MS and the Feds, the fact that they can decrypt the communications means that anyone that compromises a Skype server can do it also. We're well past the point where the only hackers are kids doing it for kicks, there would be a lot of money in silently compromising a server like that and selling the captured info.

If you need security you need to control both endpoints. having the server be an endpoint is never going to be secure.

I have to wonder what brave admin at MS is responsible for handling the machines that follow links in Skype traffic...

Just imagine: "So, your job is to run some servers. They will programmatically visit any arbitrary URL that any Skype user wishes to feed them. Have a nice day, and try not to get compromised."

If you issue a HTTP GET from your favorite programming language, there isn't much risk of a browser exploit working. I'm pretty damn sure MS doesn't script Internet Explorer to visit all those pages.

Presumably, if they are looking for phishing/malware/etc. they have to be running something of reasonable complexity against the payload. Just poking the server and getting a 'yup, it's here!' would indeed be fairly safe; but also entirely pointless. They have to be running some sort of AV system or something for the system to be worth operating at all.

As shown in the log file snippet included in the article, the HTTP GET request was not issued; they sent a HEAD request, which does not retrieve page content. From section 9.4 of the HTML 1.1 spec:

Quote:

The HEAD method is identical to GET except that the server MUST NOT return a message-body in the response.

(emphasis mine).

The HEAD request is used for checking if a file or object exists at all, checking its size, etc. - meta stuff.

As for Microsoft's/Skype's methodology, my first bet was, as others have mentioned, the client checking links for phishing or other malicious addresses just as a browser does. However, the questions (mysteries!) there are why it would actually check the link by issuing the HEAD request, which proves very little as it it would "catch" temporary network issues or server outages, etc. Useless for security. And also, why it comes from a Microsoft address, not the client's address. Browser "safe browsing" features typically involve DNS requests and requests sent to a safe-browsing service's network, such as Google's safe browsing look-up service, from the client. The Microsoft source address has other implications, in my opinion.

I might be missing something, but it doesn't seem to me that the test performed can possibly lead to the conclusion that end-to-end encryption definitely does not exist, as suggested by the headline. The article itself raises the possibility of the following scenario:

1. Message encrypted by "A" such that only "B" can decrypt it.2. Message is passed from "A" to "B" without being decrypted.3. Message is decrypted by "B"'s local client.4. "B"'s local client parses internet URLs and sends them to Microsoft's SmartScreen filter.5. Microsoft's SmartScreen service checks the existence of the URL and/or does some follow-up, reports back to the client.

Now, I'm not saying I know that this is what is happening. In fact, I kind of doubt it, just because it would be more efficient (especially for group communications) to manage encryption from client to server only. But would this not would show the results presented in this article while still being end-to-end encryption? How can you rule out this scenario from this test?

Is there any meaningful difference between "message is encrypted by A, sent to MS's servers, decrypted, stored, re-encrypted, and forwarded to B" and "message is encrypted by A, sent to B, decrypted by B, forwarded to MS's servers, and stored"?

Either way, MS's servers still have a theoretically-permanent copy of the message that A sent to B; either way, Skype is not functionally offering end-to-end encryption; either way, Skype is not as secure as the article suggests most people believe it to be.

Is there any meaningful difference between "message is encrypted by A, sent to MS's servers, decrypted, stored, re-encrypted, and forwarded to B" and "message is encrypted by A, sent to B, decrypted by B, forwarded to MS's servers, and stored"?

The functional difference would be that a MITM attack which modified the message before being received by B would be impossible.

However, as Xavin points out, a Skype server being compromised in order to snoop on the plain-text info would still be in play. Also, in the scenario proposed by pusher-robot, would this not open up the recipient's connection back to MS as another attack vector?

I might be missing something, but it doesn't seem to me that the test performed can possibly lead to the conclusion that end-to-end encryption definitely does not exist, as suggested by the headline. The article itself raises the possibility of the following scenario:

1. Message encrypted by "A" such that only "B" can decrypt it.2. Message is passed from "A" to "B" without being decrypted.3. Message is decrypted by "B"'s local client.4. "B"'s local client parses internet URLs and sends them to Microsoft's SmartScreen filter.5. Microsoft's SmartScreen service checks the existence of the URL and/or does some follow-up, reports back to the client.

Now, I'm not saying I know that this is what is happening. In fact, I kind of doubt it, just because it would be more efficient (especially for group communications) to manage encryption from client to server only. But would this not would show the results presented in this article while still being end-to-end encryption? How can you rule out this scenario from this test?

Is there any meaningful difference between "message is encrypted by A, sent to MS's servers, decrypted, stored, re-encrypted, and forwarded to B" and "message is encrypted by A, sent to B, decrypted by B, forwarded to MS's servers, and stored"?

Either way, MS's servers still have a theoretically-permanent copy of the message that A sent to B; either way, Skype is not functionally offering end-to-end encryption; either way, Skype is not as secure as the article suggests most people believe it to be.

In the latter case, the client could theoretically be sending the URL's only, not the complete message. That seems to be a meaningful difference to me, especially if you have already chosen to use the SmartScreen service.

Is there any meaningful difference between "message is encrypted by A, sent to MS's servers, decrypted, stored, re-encrypted, and forwarded to B" and "message is encrypted by A, sent to B, decrypted by B, forwarded to MS's servers, and stored"?

The functional difference would be that a MITM attack which modified the message before being received by B would be impossible.

However, as Xavin points out, a Skype server being compromised in order to snoop on the plain-text info would still be in play. Also, in the scenario proposed by pusher-robot, would this not open up the recipient's connection back to MS as another attack vector?

I see your point; I should have asked whether, from a privacy perspective, there was a meaningful difference. Modified messages, while certainly not good, don't have the privacy implications that the stored-indefinitely copies present.

Clearly, MitM is worse than "B (or A) forwards copies to MS", but they still both end with MS having a copy of the message.

I might be missing something, but it doesn't seem to me that the test performed can possibly lead to the conclusion that end-to-end encryption definitely does not exist, as suggested by the headline. The article itself raises the possibility of the following scenario:

1. Message encrypted by "A" such that only "B" can decrypt it.2. Message is passed from "A" to "B" without being decrypted.3. Message is decrypted by "B"'s local client.4. "B"'s local client parses internet URLs and sends them to Microsoft's SmartScreen filter.5. Microsoft's SmartScreen service checks the existence of the URL and/or does some follow-up, reports back to the client.

Now, I'm not saying I know that this is what is happening. In fact, I kind of doubt it, just because it would be more efficient (especially for group communications) to manage encryption from client to server only. But would this not would show the results presented in this article while still being end-to-end encryption? How can you rule out this scenario from this test?

If the local client is reading the info and acting on it, then it's not end-to-end encryption. It is still a MiM scenario, only that the "Middle" is really close to one of the endpoints, a Man at almost the Endpoint attack if you want to name it.

112 Reader Comments

I recently needed identifying information from my nieces, including birth dates, addresses, Social Security numbers, etc. What you're saying is that it's OK to trust unidentified MS employees with that information. I disagree.

There is potential for abuse on the inside, certainly. But personally I am completely comfortable trusting Microsoft with such plaintext. They are a well known and trusted entity which takes user privacy and security quite seriously. The odds of successful identity theft from within the company compared to, say, some dope at starbucks casually observing wifi packets is very, very small. By trusting one I have gained a measure of safety from many.

The difference is that Skype is secure against a malicious hacker down the street. It is *not* secure against Microsoft and the Feds. For some people that's good enough. For others they'll probably have to look elsewhere. I think this is an issue that needs to be made public so people can vote with their feet.

Secure is relative anyway, right?

Ignoring that, the fact that Skype exposes your IP created another popular attack vector for DOSing someone offline with just their username.

It surprises me when end users assume whatever message they are sending over IM/social network cannot be read by the service provider. Facebook can read your messages, Gmail can read your messages, why should Skype be any different?

The bigger question is - can your ISP snoop on those messages? Can your employer snoop on the messages if you are "skyping" at work?

SSL is based on trusting a third-party certificate authority. Employers can just add a trusted CA to your browser and run your SSL connections through an SSL proxy and you wouldn't know you're being watched. Your browser wouldn't even tell you cause its been told by a CA it trusts that everything's fine.

But Skype seems to use its own custom key exchange method. So the above wouldn't apply.

I was surprised how long it took the article to point out the most likely thing happening here: That client-side logic after the message has been received and decrypted are probably transmitting URLs to Microsoft to compare against lists of known malware sites. Just as Firefox's "Phishing Protection feature" does every time you enter a URL into the address bar.

I've seen other IM clients that do this. If someone sends you a suspect site the IM client warns as much.

I'd prefer them not harvesting that info at all but to prevent the spread of malware may be a greater good.

It surprises me when end users assume whatever message they are sending over IM/social network cannot be read by the service provider. Facebook can read your messages, Gmail can read your messages, why should Skype be any different?

The bigger question is - can your ISP snoop on those messages? Can your employer snoop on the messages if you are "skyping" at work?

SSL is based on trusting a third-party certificate authority. Employers can just add a trusted CA to your browser and run your SSL connections through an SSL proxy and you wouldn't know you're being watched. Your browser wouldn't even tell you cause its been told by a CA it trusts that everything's fine.

But Skype seems to use its own custom key exchange method. So the above wouldn't apply.

All bets are off in keeping privacy at work. They control the hardware and can keylog and screen grab whenever they want. (At least in the U.S., that would all be perfectly legal. Some other countries have workplace privacy laws that limit some of that, IIRC.)

Am I the only one who sees the irony - or the hypocrisy - of the "Scroogled" campaign that was making fun of Google for reading your gmail?

No. The point of those ads were to lay claim to gmail serving you ads by reading your emails and then giving you ads related to those emails. That is a bit different than scanning URLS for malicious links in an IM protocol. Regardless if people think this is good/bad/right/wrong, it is totally different than why gmail parses your inbox.

I must have missed the part where Skype was touted as providing encrypted communication.

From their site:

Quote:

Voice messages are encrypted in the same way as Skype calls and instant messages are encrypted. However, after you have listened to a voice message, it is transferred from our servers to your local machine, where it is stored as an unencrypted file.

Skype uses the AES (Advanced Encryption Standard*), also known as Rijndael, which is used by the US Government to protect sensitive information, and Skype uses the maximum 256-bit encryption. User public keys are certified by the Skype server at login using 1536 or 2048-bit RSA certificates.

Meh. I read that as "your communication with our service is encrypted in transit," not "your communication is secure."

Oh. Then maybe I just misunderstood the comment, because he just said "encrypted communication".

Back when it was still peer-to-peer, it would have almost certainly had full point-to-point encryption. I don't remember if they touted as much, but that's what everyone assumed. It's one thing to let Microsoft scan your messages for spam (this is not different than having them be your email provider). It's quite another to let whatever random peer happens to be operating in super-node mode be able to read your messages. I'm not saying that Skype's security was necessarily perfect (they did operate in security-by-obscurity mode, after all), just that the security goal would have had to be to not allow super-nodes to decrypt messages.

You understood my comment correctly. I actually had no idea that it was encrypted. I assumed it wasn't. I only use it when I travel, so this does not affect me much. I was just surprised that all communication was supposedly encrypted.

The difference is that Skype is secure against a malicious hacker down the street. It is *not* secure against Microsoft and the Feds. For some people that's good enough. For others they'll probably have to look elsewhere. I think this is an issue that needs to be made public so people can vote with their feet.

That's misleading. Either something is secure or it's not, and Skype is not. Even if you trust MS and the Feds, the fact that they can decrypt the communications means that anyone that compromises a Skype server can do it also. We're well past the point where the only hackers are kids doing it for kicks, there would be a lot of money in silently compromising a server like that and selling the captured info.

If you need security you need to control both endpoints. having the server be an endpoint is never going to be secure.

I have to wonder what brave admin at MS is responsible for handling the machines that follow links in Skype traffic...

Just imagine: "So, your job is to run some servers. They will programmatically visit any arbitrary URL that any Skype user wishes to feed them. Have a nice day, and try not to get compromised."

If you issue a HTTP GET from your favorite programming language, there isn't much risk of a browser exploit working. I'm pretty damn sure MS doesn't script Internet Explorer to visit all those pages.

Presumably, if they are looking for phishing/malware/etc. they have to be running something of reasonable complexity against the payload. Just poking the server and getting a 'yup, it's here!' would indeed be fairly safe; but also entirely pointless. They have to be running some sort of AV system or something for the system to be worth operating at all.

As shown in the log file snippet included in the article, the HTTP GET request was not issued; they sent a HEAD request, which does not retrieve page content. From section 9.4 of the HTML 1.1 spec:

Quote:

The HEAD method is identical to GET except that the server MUST NOT return a message-body in the response.

(emphasis mine).

The HEAD request is used for checking if a file or object exists at all, checking its size, etc. - meta stuff.

As for Microsoft's/Skype's methodology, my first bet was, as others have mentioned, the client checking links for phishing or other malicious addresses just as a browser does. However, the questions (mysteries!) there are why it would actually check the link by issuing the HEAD request, which proves very little as it it would "catch" temporary network issues or server outages, etc. Useless for security. And also, why it comes from a Microsoft address, not the client's address. Browser "safe browsing" features typically involve DNS requests and requests sent to a safe-browsing service's network, such as Google's safe browsing look-up service, from the client. The Microsoft source address has other implications, in my opinion.

I might be missing something, but it doesn't seem to me that the test performed can possibly lead to the conclusion that end-to-end encryption definitely does not exist, as suggested by the headline. The article itself raises the possibility of the following scenario:

1. Message encrypted by "A" such that only "B" can decrypt it.2. Message is passed from "A" to "B" without being decrypted.3. Message is decrypted by "B"'s local client.4. "B"'s local client parses internet URLs and sends them to Microsoft's SmartScreen filter.5. Microsoft's SmartScreen service checks the existence of the URL and/or does some follow-up, reports back to the client.

Now, I'm not saying I know that this is what is happening. In fact, I kind of doubt it, just because it would be more efficient (especially for group communications) to manage encryption from client to server only. But would this not would show the results presented in this article while still being end-to-end encryption? How can you rule out this scenario from this test?

It surprises me when end users assume whatever message they are sending over IM/social network cannot be read by the service provider. Facebook can read your messages, Gmail can read your messages, why should Skype be any different?

The bigger question is - can your ISP snoop on those messages? Can your employer snoop on the messages if you are "skyping" at work?

SSL is based on trusting a third-party certificate authority. Employers can just add a trusted CA to your browser and run your SSL connections through an SSL proxy and you wouldn't know you're being watched. Your browser wouldn't even tell you cause its been told by a CA it trusts that everything's fine.

But Skype seems to use its own custom key exchange method. So the above wouldn't apply.

All bets are off in keeping privacy at work. They control the hardware and can keylog and screen grab whenever they want. (At least in the U.S., that would all be perfectly legal. Some other countries have workplace privacy laws that limit some of that, IIRC.)

"Russian law enforcement agencies have the ability to eavesdrop on Skype conversations, as well as have access to Skype users geographic locations. In many cases, simple request for information is sufficient, and no court approval is needed. This ability was deliberately added by Microsoft after Skype purchase in 2011 for the law enforcement agencies around the world. This is implemented through switching the Skype client for a particular user account from the client side encryption to the server side encryption, allowing dissemination of an unencrypted data stream."

I might be missing something, but it doesn't seem to me that the test performed can possibly lead to the conclusion that end-to-end encryption definitely does not exist, as suggested by the headline. The article itself raises the possibility of the following scenario:

1. Message encrypted by "A" such that only "B" can decrypt it.2. Message is passed from "A" to "B" without being decrypted.3. Message is decrypted by "B"'s local client.4. "B"'s local client parses internet URLs and sends them to Microsoft's SmartScreen filter.5. Microsoft's SmartScreen service checks the existence of the URL and/or does some follow-up, reports back to the client.

Now, I'm not saying I know that this is what is happening. In fact, I kind of doubt it, just because it would be more efficient (especially for group communications) to manage encryption from client to server only. But would this not would show the results presented in this article while still being end-to-end encryption? How can you rule out this scenario from this test?

Is there any meaningful difference between "message is encrypted by A, sent to MS's servers, decrypted, stored, re-encrypted, and forwarded to B" and "message is encrypted by A, sent to B, decrypted by B, forwarded to MS's servers, and stored"?

Either way, MS's servers still have a theoretically-permanent copy of the message that A sent to B; either way, Skype is not functionally offering end-to-end encryption; either way, Skype is not as secure as the article suggests most people believe it to be.

I must have missed the part where Skype was touted as providing encrypted communication.

From their site:

Quote:

Voice messages are encrypted in the same way as Skype calls and instant messages are encrypted. However, after you have listened to a voice message, it is transferred from our servers to your local machine, where it is stored as an unencrypted file.

Skype uses the AES (Advanced Encryption Standard*), also known as Rijndael, which is used by the US Government to protect sensitive information, and Skype uses the maximum 256-bit encryption. User public keys are certified by the Skype server at login using 1536 or 2048-bit RSA certificates.

Meh. I read that as "your communication with our service is encrypted in transit," not "your communication is secure."

Oh. Then maybe I just misunderstood the comment, because he just said "encrypted communication".

Back when it was still peer-to-peer, it would have almost certainly had full point-to-point encryption. I don't remember if they touted as much, but that's what everyone assumed. It's one thing to let Microsoft scan your messages for spam (this is not different than having them be your email provider). It's quite another to let whatever random peer happens to be operating in super-node mode be able to read your messages. I'm not saying that Skype's security was necessarily perfect (they did operate in security-by-obscurity mode, after all), just that the security goal would have had to be to not allow super-nodes to decrypt messages.

Was it ever point-to-point?. I was under the assumption that it was always point-supernode-point. Because users use firewalls and NAT, so it is really hard to create a point-to-point communication without asking the user to open a port in the firewall or registering a specific port in the NAT.

The bigger question is - can your ISP snoop on those messages? Can your employer snoop on the messages if you are "skyping" at work?

Good question. Well, they can snoop on SSL communications:

This is a very over broad statement. Being able to possibly conduct a man-in-the-middle attack under certain circumstances isn't the same thing as being able to snoop on arbitrary SSL connections.

Quote:

SSL is based on trusting a third-party certificate authority.

No, authentication is a related by still different problem then encryption. SSL merely uses public and private keys, the actual distribution and authentication mechanism is in addition. The overall PKI system is used for most public sites of course due to scaling. However, any end point has 100% control over exactly who they trust and how they go about it. It's perfectly possible to directly exchange keys face to face (or via some other side channel) and avoid the PKI system entirely. It's possible (and already available for that matter) to perform additional analysis, such as not just doing an online verification each time but also keeping a historical record of every cert and watching out for unscheduled changes.

So an ISP, or anyone else who didn't have control over the accessing device would face significant obstacles in trying to peak on the actual content of any encrypted connection. Statistical analysis could allow them to determine overall patterns and connection type unless camouflaging is used (and that by definition carries latency/bandwidth penalties), but the content can be anything from extremely safe to perfectly safe depending on the protection scheme used.

But anyone who actually has control over the end device though naturally can check everything, they're root. All communication systems assume the integrity of the two parties themselves.

Quote:

Employers can just add a trusted CA to your browser and run your SSL connections through an SSL proxy and you wouldn't know you're being watched. Your browser wouldn't even tell you cause its been told by a CA it trusts that everything's fine.

But Skype seems to use its own custom key exchange method. So the above wouldn't apply.

If the employer owns and manages the device then they don't even need to bother with SSL proxying unless that happens to be the cheapest/most effective method for what they want to monitor, they have limitless tools at their disposal. They could have an action logger on every system if they wanted, because they're root, the end. That's the same as anyone else being root, the sky is the limit, so yeah, employers can of course monitor everything there. It'd get more complicated in a BYOD situation though, where it'd boil down to exactly what sort of control you grant someone else over your device.

Is there any meaningful difference between "message is encrypted by A, sent to MS's servers, decrypted, stored, re-encrypted, and forwarded to B" and "message is encrypted by A, sent to B, decrypted by B, forwarded to MS's servers, and stored"?

The functional difference would be that a MITM attack which modified the message before being received by B would be impossible.

However, as Xavin points out, a Skype server being compromised in order to snoop on the plain-text info would still be in play. Also, in the scenario proposed by pusher-robot, would this not open up the recipient's connection back to MS as another attack vector?

Am I the only one who sees the irony - or the hypocrisy - of the "Scroogled" campaign that was making fun of Google for reading your gmail?

One is reading your email to know about you so they can target ads at you. The other is allegedly reading your IMs to check if the user talking to you is sending a legit link or a phishing link. The other might be also be complaint with US laws and letting the feds read or listen to your communications if they get a court order. Pretty sure that Google does the same with regards to court orders.

The difference is that Skype is secure against a malicious hacker down the street. It is *not* secure against Microsoft and the Feds. For some people that's good enough. For others they'll probably have to look elsewhere. I think this is an issue that needs to be made public so people can vote with their feet.

That's misleading. Either something is secure or it's not, and Skype is not. Even if you trust MS and the Feds, the fact that they can decrypt the communications means that anyone that compromises a Skype server can do it also. We're well past the point where the only hackers are kids doing it for kicks, there would be a lot of money in silently compromising a server like that and selling the captured info.

If you need security you need to control both endpoints. having the server be an endpoint is never going to be secure.

I think nobody promises you perfect security. People in Iran still use Gmail, despite it being insecure by yours definition. Similarly Skype gives you some kind of security. Beside that, nothing is full secure.

I might be missing something, but it doesn't seem to me that the test performed can possibly lead to the conclusion that end-to-end encryption definitely does not exist, as suggested by the headline. The article itself raises the possibility of the following scenario:

1. Message encrypted by "A" such that only "B" can decrypt it.2. Message is passed from "A" to "B" without being decrypted.3. Message is decrypted by "B"'s local client.4. "B"'s local client parses internet URLs and sends them to Microsoft's SmartScreen filter.5. Microsoft's SmartScreen service checks the existence of the URL and/or does some follow-up, reports back to the client.

Now, I'm not saying I know that this is what is happening. In fact, I kind of doubt it, just because it would be more efficient (especially for group communications) to manage encryption from client to server only. But would this not would show the results presented in this article while still being end-to-end encryption? How can you rule out this scenario from this test?

Is there any meaningful difference between "message is encrypted by A, sent to MS's servers, decrypted, stored, re-encrypted, and forwarded to B" and "message is encrypted by A, sent to B, decrypted by B, forwarded to MS's servers, and stored"?

Either way, MS's servers still have a theoretically-permanent copy of the message that A sent to B; either way, Skype is not functionally offering end-to-end encryption; either way, Skype is not as secure as the article suggests most people believe it to be.

In the latter case, the client could theoretically be sending the URL's only, not the complete message. That seems to be a meaningful difference to me, especially if you have already chosen to use the SmartScreen service.

From a 'black hat' perspective, this sounds like an awesome potential new tool. Could this be used as part of a DDoS? e.g. Send a crap ton of links in a Skype chat, and have Microsoft hammer the server for you

What is running on these link checking boxes? If the server happened to return an Apache/lighttpd/IIS/... exploit ... the Skype link checker sure sounds like the kind of box that various nefarious entities might want to pwn.

Is there any meaningful difference between "message is encrypted by A, sent to MS's servers, decrypted, stored, re-encrypted, and forwarded to B" and "message is encrypted by A, sent to B, decrypted by B, forwarded to MS's servers, and stored"?

The functional difference would be that a MITM attack which modified the message before being received by B would be impossible.

However, as Xavin points out, a Skype server being compromised in order to snoop on the plain-text info would still be in play. Also, in the scenario proposed by pusher-robot, would this not open up the recipient's connection back to MS as another attack vector?

I see your point; I should have asked whether, from a privacy perspective, there was a meaningful difference. Modified messages, while certainly not good, don't have the privacy implications that the stored-indefinitely copies present.

Clearly, MitM is worse than "B (or A) forwards copies to MS", but they still both end with MS having a copy of the message.

I might be missing something, but it doesn't seem to me that the test performed can possibly lead to the conclusion that end-to-end encryption definitely does not exist, as suggested by the headline. The article itself raises the possibility of the following scenario:

1. Message encrypted by "A" such that only "B" can decrypt it.2. Message is passed from "A" to "B" without being decrypted.3. Message is decrypted by "B"'s local client.4. "B"'s local client parses internet URLs and sends them to Microsoft's SmartScreen filter.5. Microsoft's SmartScreen service checks the existence of the URL and/or does some follow-up, reports back to the client.

Now, I'm not saying I know that this is what is happening. In fact, I kind of doubt it, just because it would be more efficient (especially for group communications) to manage encryption from client to server only. But would this not would show the results presented in this article while still being end-to-end encryption? How can you rule out this scenario from this test?

If the local client is reading the info and acting on it, then it's not end-to-end encryption. It is still a MiM scenario, only that the "Middle" is really close to one of the endpoints, a Man at almost the Endpoint attack if you want to name it.

Strawman. Please do not use the tired old "well nothing is perfect therefore everything is the same" fallacy. "Perfect" may be an unobtainable ideal but that has nothing to do with entirely achievable basic standards mattering.

Quote:

People in Iran still use Gmail, despite it being insecure by yours definition.

If by Gmail you mean Gmail as in the email service then no, it can be made secure by that definition (using GPG or S/MIME) just like any email service.

Where these message read from another client? When was the MS access time compared to the time the message was sent? Could it be that the message gets scanned when the other user opens it, and not in transit?

Strawman. Please do not use the tired old "well nothing is perfect therefore everything is the same" fallacy. "Perfect" may be an unobtainable ideal but that has nothing to do with entirely achievable basic standards mattering.

Quote:

People in Iran still use Gmail, despite it being insecure by yours definition.

If by Gmail you mean Gmail as in the email service then no, it can be made secure by that definition (using GPG or S/MIME) just like any email service.

By that rationale Skype "can be made secure" too: just GPG your messages.

Back in the day of AOL, AOL did do this to some degree. They check for viruses in e-mail and checked if the site you are about to visit has been infected by a virus. Anything you send over the Internet is like a postcard or did we forget about this nature of the Internet. Data being pass around on the Internet can easily be read by anybody. Sure encryption is used to make nobody to read what you are sending and receiving to a person that you have given permission. Anything the encrypted content is going through a middleman, will always have a key to decrypt the data and then encrypt the data to pass on to the person you connected to like nothing has happened.

Whining that something is looking up the URL that you sent using text messaging is just childish. Having poison testers in the loop is a good thing. A company recording your chats with out your knowledge is something you should challenge.

I see your point; I should have asked whether, from a privacy perspective, there was a meaningful difference. Modified messages, while certainly not good, don't have the privacy implications that the stored-indefinitely copies present.

Clearly, MitM is worse than "B (or A) forwards copies to MS", but they still both end with MS having a copy of the message.

I should have been a bit more clear in my post that forwarding of the message info from B back to an MS machine (and this machine itself) would become the vulnerable of the system. However, pusher-robot makes a good point that this isn't so bad if only the URLs from the message were being sent back to MS, especially if B had voluntarily opted in to this URL verification service.

Not sure if there would be any practical way to use a MITM attack to modify messages between A and B in a meaningful and non-obvious fashion. One might envision the authorities doing this to spread misleading information to B from the trusted source A, but to be able to do that in real-time seems quite challenging. Maybe the injection/substitution of a URL in the message which could compromise B's machine if visited would be more feasible?

Anybody who thinks they have message security on *ANY* IM network needs to wake up and smell the bits - If they didn't do this, spam and malware links would be a rampant problem, they'd get huge complaints, and users would be dissatisfied with the service.

They basically have to do this to run a quality service, so I don't see what all the hand wringing is about. They don't claim that you're secure end to end, no other network does either to my knowledge.

I FULLY expect that AIM, Yahoo Messanger, Google Talk, ICQ, and whatever other major platforms I'm leaving out *ALL* do this.

If you *need* fully secure end to end IM, you'll probably want to do something like run your own XAMPP server (e.g. jabberd2 or something).

Anything the encrypted content is going through a middleman, will always have a key to decrypt the data and then encrypt the data to pass on to the person you connected to like nothing has happened.

Sorry, but this is patently false; it is entirely possible for (eg) a webmail provider to support an in-browser implementation of PGP (JS encryption/decryption; the plaintext never leaves the local computer). I believe this is how hushmail works, for instance.

I see your point; I should have asked whether, from a privacy perspective, there was a meaningful difference. Modified messages, while certainly not good, don't have the privacy implications that the stored-indefinitely copies present.

Clearly, MitM is worse than "B (or A) forwards copies to MS", but they still both end with MS having a copy of the message.

I should have been a bit more clear in my post that forwarding of the message info from B back to an MS machine (and this machine itself) would become the vulnerable of the system. However, pusher-robot makes a good point that this isn't so bad if only the URLs from the message were being sent back to MS, especially if B had voluntarily opted in to this URL verification service.

Not sure if there would be any practical way to use a MITM attack to modify messages between A and B in a meaningful and non-obvious fashion. authorities doing this to spread misleading information to B from the trusted source A, but to be able to do that in real-time seems quite challenging. Maybe the injection/substitution of a URL in the message which could compromise B's machine if visited would be more feasible?

I submit that B's opting into the service has no bearing on the concerns that A would have with the system. However, I'll admit that that's a fairly fine hair to split.

With IM being, by nature, a "laggy" conversation (in that it's common for typing for a moment for any number of reasons), it would be fairly simple for a MitM who can type quickly to interject/modify messages (modifications to shortened URLs would be the best, of course, but slipping a negation into or out of the conversation could be fun, too). Again, though, I think that's a narrow area of disagreement at worst.

NO MORE SECRETS ONLINE, JUST MORE PROOF. Skype used to be a safe way to chat before MS bought them.

Be who you are in real life, online, Big talk can get you into big trouble. Anonymous thought they were untraceable and nearly all the main guys have been caught. The age of privacy is dead for the most part. You can call me a tin hat conspiracy theorist, but I call it being safe. With my luck I have no choice but to walk the straight and narrow line.

Get used to seeing a lot more of this. Privacy for the most part is just an illusion. If you have a smart phone in your pocket you could be getting spied on right now.

EDIT: Why the down votes? Do you all have a problem with being real? I did not think what I said above was wrong, or offensive. I am not against, or for anonymous, I was just supporting my claim that privacy is nearly non existent today. If I can trace who ever I chose with little effort, then anyone can.

Security is like a locked door, you can still get in. You just need to do a little more extra effort.

Anybody who thinks they have message security on *ANY* IM network needs to wake up and smell the bits - If they didn't do this, spam and malware links would be a rampant problem, they'd get huge complaints, and users would be dissatisfied with the service.

There's absolutely zero legitimate reason for them to scan the content of messages from people on your friends list. There are far better and more effective ways to catch spam accounts than by scraping the messages.

I feel like deja vu. Think Ed Bott said they were scanning for viruses.

Dude, if it's on Internet, it's public.

It is entirely possible to have secure, private communication over the Internet. Just because something uses the Internet does not mean it's public.

If something is connected to the Internet, it is never ever, ever going to be 100% secure. Chances are it will never get compromised, but that is never a guarantee, it simply means that system wasn't worth the reward of breaking it.

Unfortunately it's the processes for retention of such data, and the number of third party hands who manage it, the integrity of those people, who are monitoring or storing data (the skill sets required, etc), currency of the systems, how to track the data, etc all play into to a much bigger picture than is not being looked at - the integrity becomes a huge single point of failure to the whole nation - not to mention the loss of the public's trust.

So to me it goes far beyond the tools or people who do the monitoring. It's the group or individuals who may not be accountable or know how to be accountable or manage or audit the integrity of what they do - then it becomes a much, bigger issue - and destructive and disruptive than the solution it's being applied too. Isn't this the lesson learned from Wiki Leaks - obviously a huge security failure?

I don't think there is a single shred of evidence for the statement that most people assume their conversation is private. Is there a survey to support this statement? Are the questions in the survey in the form "Do you assume that Microsoft Skype conversations are more or less confidential and secure than Google emails?"

It's 2013, and many people are pretty aware that every single tweet, email, IM and chat is or will be stored in the brand new NSA zettabyte datacenter in Utah, together with all phone calls made in the U.S. and many other countries. That's what it was built for. So the hypothesis that Skype performs this kind of analysis on the client side does not fly, clear text conversations and audio is recorded straight from Microsoft servers, and most likely video too, at least for special interest persons or IP addresses.

I might be missing something, but it doesn't seem to me that the test performed can possibly lead to the conclusion that end-to-end encryption definitely does not exist, as suggested by the headline. The article itself raises the possibility of the following scenario:

1. Message encrypted by "A" such that only "B" can decrypt it.2. Message is passed from "A" to "B" without being decrypted.3. Message is decrypted by "B"'s local client.4. "B"'s local client parses internet URLs and sends them to Microsoft's SmartScreen filter.5. Microsoft's SmartScreen service checks the existence of the URL and/or does some follow-up, reports back to the client.

Now, I'm not saying I know that this is what is happening. In fact, I kind of doubt it, just because it would be more efficient (especially for group communications) to manage encryption from client to server only. But would this not would show the results presented in this article while still being end-to-end encryption? How can you rule out this scenario from this test?

If the local client is reading the info and acting on it, then it's not end-to-end encryption. It is still a MiM scenario, only that the "Middle" is really close to one of the endpoints, a Man at almost the Endpoint attack if you want to name it.

The client is the end point, and in this scenario is the also the one sending off the url. You can validly claim that this is still bad behavior, but to try to call it a MitM attack is a bit ridiculous...